-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to use Nitrokey HSM with Windows Server 2022 #2541
Comments
It sounds like you didn't install OpenSC's Minidriver. |
I thought the same thing yet I followed the same install process on a SR 2019 box and had no issues. |
How does Server 2022 compare to other versions?
Does the Nitrokey HSM work on Windows 10 and Windows 11
I.e. does OpenSC need to be signed to do install? Did it install?
Are you able to use any commands like pkks11-tool --test --login. Or
pkcs11-tool -M
Or certutil -scinfo
Are you trying to use EC keys?
…On Sat, Apr 23, 2022, 6:50 AM Josh Bloxsome ***@***.***> wrote:
It sounds like you didn't install OpenSC's Minidriver.
I thought the same thing yet I followed the same install process on a SR
2019 box and had no issues.
—
Reply to this email directly, view it on GitHub
<#2541 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGTIMJZ5YKYNF34AOBIIR3VGPPYHANCNFSM5T2PRG5Q>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Windows has a limit of ten smart card readers because of RDC problems. Does the 2022 server add additional readers? |
|
Sorry, clicked the wrong button! Didn't mean to close this and reopen it :) How does Server 2022 compare to other versions? Does the Nitrokey HSM work on Windows 10 and Windows 11 I.e. does OpenSC need to be signed to do install? Did it install? Are you able to use any commands like pkks11-tool --test --login. Or Are you trying to use EC keys? On the additional reader front, I'm still looking into that as well. |
What do you mean by the above? Most readers use the Microsoft default CCID reader driver. Can you be more specific on what device driver show for the driver? Is there am error code? I only have Windows 10 Pro. With a Nitro Start, device manager shows: "Microsoft Uscccid Smartcard Reader (WUDF)" 6/21/2006, version "10.0.19041.1" Is this the problem? |
Sorry, just getting the server back up and running. Yes, it is receiving an error code 31 and I have tried the solution outlined in that article without any resolution. Microsoft Usbccid Smartcard Reader (UMDF2) Code 31 - Operation Failed |
For testing purposes and to nail down issues I recommend to use RSA2048 and not EC. If everything works, change the algorithm back to EC in a last step. |
Did you restart server after making registry change? Note registry change is at the: Have you tried telling Device Manager to update the driver? Google for: Microsoft Usbccid Code 31 |
Yes, I restarted the server and applied it in the |
I think I may have a solution for you: Windows seems to select the wrong device driver on Windows Server. On Windows Server the device shows up as "Microsoft Usbccid Smartcard Reader (UMDF2)", whereas on a desktop windows it shows up as "Microsoft Usbccid Smartcard Reader (WUDF)" I do not know why this happens, but the following worked for me:
What is a bit annoying about this is if you plug in the device on a different USB port, then you have to do the same again. So if anybody knows how to make this permanent I'd be very happy to hear about it. It probably involves modifying the inf files a bit?
(the hash parts of the file name might differ a bit depending on the windows version) |
Interesting, Thanks @StefanD986! Sorry, has been a while since I have had a chance to dig into this. Let me see how that goes. |
@StefanD986 You're a lifesaver - thanks! |
Seems to be an issue with Server 2022 and the NitroKey HSM. For some reason, it shows up as a Microsoft smart card reader (ccid) with a faulty driver. Haven't done much digging into it yet.
The text was updated successfully, but these errors were encountered: